ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw 3d Blender MCP

v1.0.0

Instalación completa de Blender MCP para OpenClaw. Incluye setup local/remoto, ngrok, verificación, troubleshooting y estudio de 3 recursos obligatorios (ble...

1· 119·0 current·0 all-time
by@yejay7
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to install/configure Blender MCP (local or remote) and includes many helper scripts. However several scripts (blender_direct*.py, blender_wait.py, mcp_client*.py, http_bridge.py, test_*.py, etc.) hard‑code external ngrok hostnames and ports (e.g. 8.tcp.ngrok.io, 0.tcp.ngrok.io) instead of defaulting to localhost or requiring explicit user configuration. A setup/installer should not ship with persistent defaults that point to third‑party tunnels; that is disproportionate to the stated purpose and could cause the user to connect to remote systems they don't control.
!
Instruction Scope
SKILL.md instructs the user to run the included scripts and to start uvx/blender‑mcp, but does not warn about the scripts' hardcoded remote endpoints. The instructions request/expect BLENDER_HOST and BLENDER_PORT env vars (which is appropriate), yet many runtime scripts ignore those and use embedded ngrok addresses. The skill also provides an HTTP bridge (scripts/http_bridge.py) that starts an unauthenticated local HTTP server that reports and forwards requests to the configured Blender endpoint — this expands the attack surface by exposing an open local API that can be triggered by other local actors.
Install Mechanism
There is no install spec (instruction‑only + source files). Nothing is downloaded during install. That lowers supply‑chain risk compared with arbitrary remote downloads.
!
Credentials
The registry metadata declares no required environment variables, but the SKILL.md and scripts use BLENDER_HOST and BLENDER_PORT. That alone is reasonable. The concern is that the code often ignores env overrides and uses public ngrok tunnels by default, allowing network access to third‑party endpoints without any credentials or user confirmation. The skill does not ask for secrets, but it nevertheless attempts network communication to external hosts which is not justified by an 'installer' without explicit configuration.
Persistence & Privilege
always:false and no explicit persistent installation privileges — good. However several scripts launch subprocesses (uvx blender-mcp) and one script runs an unauthenticated HTTP server on localhost:8765, which could be used to trigger Blender commands locally without access control. This is not 'always' privileged but is a post‑install runtime exposure the user should be aware of.
Scan Findings in Context
[socket-usage] expected: Connecting to Blender via TCP is expected for MCP clients. But many files use hardcoded public ngrok hostnames which is unexpected for an installer.
[subprocess-spawn-uvx] expected: Starting uvx/blender-mcp via subprocess is consistent with running an MCP client/server. Declaration should still mention required binary 'uvx' (SKILL.md references it but registry metadata lists none).
[http-server-listen] unexpected: scripts/http_bridge.py starts an unauthenticated HTTP server accepting POSTs to request Blender commands. Exposing such an endpoint without auth is potentially dangerous and not clearly justified in SKILL.md.
[hardcoded-remote-endpoints] unexpected: Multiple scripts hardcode ngrok domains/ports. Example patterns are plausible as examples but should not be defaults that the user runs without change.
What to consider before installing
This skill contains useful Blender‑MCP tooling, but exercise caution before running anything: 1) Do not run the scripts until you have inspected and changed BLENDER_HOST/BLENDER_PORT to point to your own Blender (localhost) — many scripts default to public ngrok tunnels. 2) Treat any script that sends 'execute_blender_code' or similar as capable of executing arbitrary Python on the target Blender instance; only use it against Blender instances you control. 3) The http_bridge starts an unauthenticated HTTP server on localhost:8765 — if you run it, consider restricting its bind address, firewalling the port, or adding authentication. 4) If you only want a local setup, search/replace any ngrok hostnames in the repository with 'localhost' and confirm scripts honor env vars. 5) If you are unsure who controls the hardcoded ngrok endpoints, do not run those scripts — they could leak scene data or allow remote code execution on machines behind those tunnels. If you want additional assurance, request from the skill author that defaults be removed and that all network endpoints require explicit configuration.

Like a lobster shell, security has layers — review code before you run it.

3dvk97036k30dtkar2a72kt7a263h840pbxanimationvk97036k30dtkar2a72kt7a263h840pbxblendervk97036k30dtkar2a72kt7a263h840pbxlatestvk97036k30dtkar2a72kt7a263h840pbxmcpvk97036k30dtkar2a72kt7a263h840pbxsetupvk97036k30dtkar2a72kt7a263h840pbx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments